ryanaslett
commented
4 years ago I did some git bisecting and ^1.* was matching the versionRegex and ending up in the Caret range section of parse_constraint() (https://github.com/composer/semver/blob/main/src/VersionParser.php#L375-L413) .
Im unsure what the motivation behind adding the asterisks to the regex, but I cant see where they are supposed to work in conjunction with an operator.
I updated the PR to include a fix, and it looks like tests are passing on all environments except php-nightly.
GrahamCampbell
https://getcomposer.org/doc/faqs/why-are-version-constraints-combining-comparisons-and-wildcards-a-bad-idea.md documents that these constraints should be rejected. 71404e64871484347d2e88955b0b1e16f5336ef1 is the commit that changed this behavior.
This PR is just the change to the tests to demonstrate that it is now allowing the invalid constraints.